EP2748751B1 - System and method for day-zero authentication of ActiveX controls - Google Patents
- Publication number
- EP2748751B1 (EP12825003.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- file
- dll
- files
- activex control
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/50—Service provisioning or reconfiguring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Definitions
- This disclosure relates in general to the field of computer networks and, more particularly, to a system and a method for day-zero authentication of ActiveX controls.
- downloadable Microsoft® ActiveX® controls from untrustworthy sources may potentially contain malicious software.
- untrustworthy sources i.e., known malicious sources or unknown sources
- users may have a need for accessing updated or new ActiveX controls as soon as they are available, even before such controls have been determined to be trustworthy.
- innovative tools are needed to assist IT administrators in the effective control and management of executable software files on computers within computer network environments.
- US 6,802,061 B1 discloses an approach for automatically downloading software components from a computer network, which can be used to provide dynamic or interactive multimedia components in HTML documents.
- the software components may be verified by checking a digital signature of the software component to ensure that the downloaded software component is computer virus and corruption free. After verification, the downloaded software component is installed on a local computer.
- a method in one embodiment includes verifying a digital signature of an ActiveX control, identifying an executable file of the ActiveX control, authorizing the executable file as an updater configured to enable trust propagation, if the digital signature is from an authorized issuer, and installing the ActiveX control.
- Verifying the digital signature includes checking whether a digital certificate coupled with the digital signature is present in a certificate store and is associated with the authorized issuer, and verifying an integrity of the ActiveX control, for example, by executing a function to return at least a hash of the cabinet file. More specific embodiments include hooking an exported function in the executable file and marking a thread calling the exported function as an updater.
- Hooking the exported function includes patching the executable function so that when the exported function is called during execution of the executable file, a second function is executed before the exported function is executed.
- Other embodiments include extracting a cabinet file wrapping the ActiveX control, parsing an information file in the cabinet file, and downloading additional components for installing the ActiveX control.
- FIGURE 1 is a simplified block diagram illustrating an example implementation of a system 10 for day-zero authentication of downloadable controls.
- Microsoft® ActiveX® controls are particularly suited to the day-zero authentication activities described in the present disclosure and will be referenced herein accordingly.
- the exemplary network environment illustrates a computer network 12 comprising an authentication engine 20 connected to an Internet cloud 14 and a database 16a comprising white-listing solutions and a database 16b comprising digital signatures.
- the digital signatures may be locally created for a particular network (or organization) or globally defined or any suitable combination thereof.
- the white-listing solutions may be local white-listing solutions or global white-listing solutions or any suitable combination thereof.
- Authentication engine 20 may comprise a download module 22 operable to download files, including ActiveX controls from Internet cloud 14, a verify module 24 operable to verify digital signatures of downloaded files, an extract module 26 operable to extract compressed files in downloaded files, a parse module 28 operable to parse downloaded files, an updater module 30 operable to authorize downloaded files, a hook module 32 operable to hook certain functions in downloaded files, and an install module 34 operable to install ActiveX controls.
- Authentication engine 20 may also comprise one or more processors 36 and one or more memory elements 38.
- a "digital certificate" is a set of data that can substantially identify an entity.
- Digital certificates are typically issued to a requester (e.g., an entity or an individual) by a certificate authority ("CA") after the CA has verified the requester's identity.
- a digital certificate can contain different types of data, for example, the algorithm used to sign the certificate, the name of the CA that issued the certificate, the name and public key of the requester, and the CA's digital signature.
- a "digital signature" is a mathematical scheme for demonstrating the authenticity of digital data (e.g., a digital message or file), and is designed to assure a recipient that the data was created by a known sender, and that it was not altered in transit.
- the digital signature is computed using a set of rules or algorithms and a set of parameters such that the identity of the signatory and integrity of the data can be verified.
- a digital signature algorithm (DSA) may be implemented in software, firmware, hardware, or any combination thereof.
- a hash function may be used in the signature generation process to obtain a condensed version of data, called a message digest.
- a hash is a fixed-size result obtained by applying a mathematical function (called a hashing algorithm) to an arbitrary amount of data such that a change to the data changes the hash value. Generating a message with a given hash, modifying a message without changing the hash and finding another message with an identical hash may all be infeasible.
- a hash is usually used in information security applications.
- the message digest containing the hash is input into the DSA to generate the digital signature.
- the digital signature is sent to the recipient along with the signed data.
- the same hash function is also used in the verification process.
- the DSA authenticates the integrity of the signed data and the identity of the signatory.
- a file such as an ActiveX control
- the digital certificate may thus be coupled to the digital signature.
- a private cryptographic key may be used to digitally sign an ActiveX control.
- the private cryptographic key may be contained in a digital certificate purchased from a CA (e.g., VeriSign Inc.).
- the ActiveX control e.g., CAB file
- the digital signing process may generate an object that contains various information, for example, a signed cryptographic digest of the file, identity of the CA used to create the signature, the digital certificate, etc.
- authentication engine 20 may be configured to provide day-zero authentication of an ActiveX control downloaded from Internet 14 if it is from a trusted source according to its digital signature.
- ActiveX controls may be wrapped in a cabinet file (e.g., .CAB format), which has been digitally signed by an issuing authority of the cabinet file.
- cabinet files e.g., .CAB format
- CAB files are files that are used to package executable files for delivery, and can include CAB file, ZIP file, and any other similar file comprising a package of one or more executable files.
- cabinet files are presented in native compressed archive format, supporting compression and digital signing.
- CAB files can reserve empty space in the file header for some specific uses like placing digital signatures or arbitrary data.
- CAB files are also often attached to self-extracting programs where the executable program extracts the attached CAB file.
- CAB files are also sometimes embedded into other files.
- the ActiveX control may comprise compressed or uncompressed executable files (also referred to herein as 'binaries') in various formats, including executable (*.EXE), dynamic link library (*.DLL), and script formats.
- authentication engine 20 may verify and authorize one or more files downloaded by the ActiveX control and add such authorized files to database 16.
- Typical network environments both in organizations (e.g., businesses, schools, government organizations, etc.) and in homes include a plurality of computers such as end user desktops, laptops, servers, network appliances, and the like, with each computer having an installed set of executable software.
- network environments may include hundreds or thousands of computers, which can span different buildings, cities, and/or geographical areas around the world. IT administrators are often tasked with the extraordinary responsibility of maintaining these computers and their software in a way that minimizes or eliminates disruption to the organization's activities.
- white-listing solutions which search databases of known trusted software (i.e., white-lists) and only allow software to execute if the software is identified on the white-list.
- Software program files evaluated and determined to be trustworthy e.g., uncontaminated, free of malicious code, etc.
- whitelisted software may be certified as safe and trusted by an authorized individual or entity (e.g., a local administrator, a software security organization or enterprise, etc.).
- Whitelists may be implemented using checksums where a unique checksum for each program file is stored, which can be readily compared to a computed checksum of a program file sought to be evaluated.
- a checksum can be a mathematical value or hash sum (e.g., a fixed string of numerical digits) derived by applying an algorithm to a software program file. If the algorithm is applied to a second software program file that is identical to the first software program file, then the checksums should match. However, if the second software program file is different (e.g., it has been altered in some way, it is a different version of the first software program file, it is a wholly different type of software, etc.) then the checksums are very unlikely to match.
- white-listing solutions can be inflexible, potentially creating delays and disruptions when new software is needed and adding additional steps to administrative workflows. For example, a fresh release of any software or its vulnerability patches will not execute unless they have been added to the white-list. This may result in a major problem because the user may be forced to use existing unsecured software till the vulnerability patch has been white-listed by the white-list administrator.
- When users download ActiveX controls from unknown sources on the Internet, such ActiveX controls may have to be screened to ensure that they are from trusted sources. However, even if the ActiveX control is from a trusted source, it may not be allowed to execute if the ActiveX control file is not in the white-list. Moreover, each binary component created and executed to install the ActiveX control may not be allowed to execute if it is not also identified in the white-list.
- ActiveX controls are Component Object Model (COM) compliant binary code components and they can be downloaded and executed in a browser.
- ActiveX controls are small programs which are customized for download over the Internet to provide specific functionality on a web-page or its associated content. For example, an ActiveX control may allow a user to quickly add specific functionality to his browser without resorting to an elaborate download-install process. Because ActiveX controls are typically small in size, they may take merely a few seconds to install.
- COM: Component Object Model
- IE may prompt the user to download a Flash ActiveX control that can display animation within IE.
- ActiveX controls may be wrapped in a cabinet file (CAB file) containing an information file (INF file) and signed with a private key of the ActiveX control's creator (e.g., Adobe or Macromedia in case of their respective flash players).
- the private key may be part of the digital signature of the CAB file.
- CAB file: cabinet file
- the cabinet format provides a way to efficiently package multiple files in a single cabinet; and data compression is performed across file boundaries, significantly improving the compression ratio. Note that the cabinet file as a whole is digitally signed but individual components inside the cabinet file may be unsigned.
- a browser e.g., Internet Explorer® (IE) browser
- IE: Internet Explorer®
- HTML: Hypertext Markup Language
- the browser downloads and executes the ActiveX controls present at a uniform resource locator (URL) specified in the OBJECT tag.
- This may present a significant security risk (e.g., the ActiveX control is a malware) and therefore, most security solutions block execution of such ActiveX controls.
- the user may want some of the controls to run, for example, because of their usefulness.
- the automatic blocking, therefore, presents a problem with white-listing solutions.
- White-listing solutions are generally based on a premise that any unknown piece of code is potentially unsafe and thus should not be allowed to execute. Thus, if a user wants to install an ActiveX control or update an already installed ActiveX control on the day of its release (i.e., day-zero), that may not be allowed by the white-list. Continuously keeping abreast of all useful/allowed ActiveX controls, including any updates, and adding the appropriate signatures to a white-list can be a time consuming practice for IT and lead to inefficient use of resources.
- a domain administrator can add a given URL to a trusted list and then any domain user is allowed to download and install an ActiveX control from that location.
- allowing a URL to be added to a white-list presents a security risk because URLs may be "spoofed."
- a spoofed URL represents a website that poses as another. For example, a URL may purport to locate www.foo.com, whereas the actual location from where the ActiveX control is downloaded is www.foobar.com, which may contain malicious code or other security risks.
- each ActiveX control needs a corresponding URL to be listed individually.
- Embodiments of the present disclosure can safely allow freshly released software to be automatically white-listed for execution on computers without involving any manual addition to the white-list by the administrator.
- Embodiments of the present disclosure can also allow software not listed in the white-list to be added to the white-list automatically if the software is from a trusted source according to its digital signature.
- Trusted sources may be pre-selected issuers of software and, in one embodiment, may be identified by their digital certificates stored in a certificate repository such as database 16b.
- references to various features e.g., elements, structures, modules, components, steps, operations, characteristics, etc.
- references to various features are intended to mean that any such features are included in one or more embodiments of the present disclosure, but may or may not necessarily be combined in the same embodiments.
- download module 22 in authentication engine 20 may download a cabinet file from a web site on Internet 14 visited by a user.
- Verify module 24 can verify the digital signature of the downloaded cabinet file using any suitable method.
- white-list database 16a and digital signature database 16b may be combined into a single database 16.
- Verify module 24 can verify if the digital certificate of the downloaded CAB file matches or otherwise suitably corresponds to a previously stored certificate in database 16b.
- Database 16b may be preconfigured with digital certificates corresponding to authorized issuers. Alternatively, or additionally, a user may configure an application control policy to manually add the digital certificate.
- Determining the certificate and hash of a CAB file can be done by any suitable means, including executing a function to return at least a hash of the cabinet file.
- Microsoft's MsiGetFileSignatureInformation() function may be executed to return a signer certificate and hash of the cabinet file.
- extract module 26 can extract the contents of the cabinet file.
- extract module 26 may use cabinet file handling libraries provided by Microsoft as part of Microsoft Cabinet Software Development Kit (cabSDK).
- the cabinet file may contain an information file (.INF) that provides installation instructions.
- the INF file is typically a text file that specifies other files that have to be present or downloaded for the ActiveX control to be installed. For example, INF file may specify the files to download, and point to the URLs of such files.
- Parse module 28 parses the information file and identifies any executable files (e.g., EXE, DLL, and scripts) therein.
- Updater module 30 may authorize appropriate executable files by marking them as updaters.
- updaters are files with special privileges (i.e., "update privileges") to white-list other executable files and binaries. For example, if EXAMPLEA.DLL is white-listed and made an updater, it can download EXAMPLEB.DLL which may be automatically white-listed and marked an updater, which can then download EXAMPLEC.DLL and so on.
- updater module 30 may use hook module 32 to identify certain exported functions in the executable files and appropriately patch the executable files to authorize a thread calling the exported functions.
- "patching" an executable file refers to updating the file, modifying the file, or running a patch file to update and/or modify the file. In general, a patch file is a text file that consists of a list of differences between an original file and an updated file.
- the authorized executable files may be added to the white-listing solution in database 16 automatically by updater module 30.
- the authorized executable files may download additional components for installing the ActiveX control through download module 22. Such additional components may also be automatically authorized, as appropriate. Because all appropriate components can be downloaded before white-list databases have been updated by authorized administrators or entities, install module 34 may install the ActiveX control.
- system 10 of FIGURE 1 is hardware that may be suitably coupled to authentication engine 20 in the form of consoles, user interfaces, memory management units (MMU), additional symmetric multiprocessing (SMP) elements, peripheral component interconnect (PCI) bus and corresponding bridges, small computer system interface (SCSI)/integrated drive electronics (IDE) elements, etc.
- MMU: memory management units
- SMP: symmetric multiprocessing
- PCI: peripheral component interconnect
- IDE: integrated drive electronics
- suitable modems and/or network adapters may also be included for allowing network access by components of system 10.
- Any suitable operating systems may also be configured in components of system 10 to appropriately manage the operation of hardware components therein.
- Components of system 10 may include any other suitable hardware, software, components, modules, interfaces, or objects that facilitate the operations thereof. This may be inclusive of appropriate algorithms and communication protocols that facilitate the day-zero authentication of ActiveX control operations detailed herein.
- each device may include more or less components where appropriate and based on particular requirements.
- the term 'computer' is meant to encompass any personal computers, laptops, network appliances, routers, switches, gateways, processors, servers, load balancers, firewalls, or any other suitable device, component, element, or object operable to affect or process electronic information in a network environment.
- System 10 may be adapted to provide day-zero authentication of ActiveX controls related activities for electronic data, which could be resident in memory of a computer or other electronic storage device.
- Information related to day-zero authentication of ActiveX controls related activities can be suitably rendered, or sent to a specific location, or simply stored or archived (e.g., in database 16a or 16b), and/or properly displayed in any appropriate format.
- FIGURE 2 is a flow-chart illustrating example operational steps that may be associated with a method 50 according to the present disclosure.
- Method 50 starts in step 52, when a user activates a browser on a computer. The user may visit a website with a link to download an ActiveX control in step 54.
- Download module 22 may download the ActiveX control on the computer when a user visits a web page that needs the ActiveX control.
- the ActiveX control may be in the form of a cabinet file package.
- verify module 24 checks if the issuer is authorized (e.g., verifies the digital signature of the CAB file against previously stored certificates in a trusted certificate store in database 16). A digital certificate may be extracted from the CAB file using any suitable extraction tool.
- the integrity of the package may also be verified, for example, by using Microsoft's MsiGetFileSignatureInformation() API. If the issuer is not authorized (e.g., verification fails, certificate is not present in the certificate store), the ActiveX control is blocked from execution in step 58 (e.g., via the existing white-listing solution) and the process terminates in step 70.
- extract module 26 extracts the cabinet file to a temporary directory in step 60.
- the cabinet file may contain an INF file, for example, FOO.INF file, which can be identified in the temporary directory.
- parse module 28 parses FOO.INF and can identify all binaries that need to be authorized for execution to successfully install the ActiveX control. Thus, the identified binaries may be white-listed and marked as updaters.
- FOO.DLL is identified as a binary that needs such authorization.
- Updater module 30 may authorize FOO.DLL for execution and configure FOO.DLL to enable "trust propagation." Grant of the trust privilege to other binaries at runtime is termed herein as "trust propagation."
- the new binaries are automatically added to the white-list in database 16 because they have been installed by a trusted program; moreover, the updater program may grant its trust privilege to the new binaries such that they are also marked as updaters, and are also eligible to install any new binaries which can get added to the white-list as well and become updaters.
- the trust privilege may be inherited.
- FOO.DLL may further download other DLL files and/or EXE files (e.g., EXAMPLEB.DLL and EXAMPLEB.EXE) at runtime, which in turn are configured to further download more binaries (e.g., EXAMPLEC.DLL and EXAMPLEC.EXE).
- EXAMPLEB.EXE/EXAMPLEB.DLL can download EXAMPLEC.EXE/EXAMPLEC.DLL but EXAMPLEB.EXE/EXAMPLEB.DLL may not be allowed to execute EXAMPLEC.EXE/EXAMPLEC.DLL if EXAMPLEB.DLL/EXAMPLEB.EXE are not on the white-list.
- Even if EXAMPLEB.EXE/EXAMPLEB.DLL are on the whitelist, EXAMPLEC.EXE/EXAMPLEC.DLL may still not be executed unless EXAMPLEC.EXE/EXAMPLEC.DLL are also on the white-list.
- the table shows a comparison between three different types of programs: (1) normal white-list program; (2) trusted program without trust propagation enabled; and (3) trusted program with trust propagation enabled.
- For a normal white-list program, execution of a new binary or DLL file called by the white-list program is not permitted if the new binary or DLL file is not present in the white-list.
- Execution of the new binary or DLL file called by a program is permitted if the program is trusted even if the new binary or DLL file is not present in the white-list.
- Execution of another binary or DLL, which is not present in the white-list, by the new binary is not permitted even by a trusted program if trust propagation is not enabled.
- the new binary may be marked as trusted and allowed to execute other binaries or DLL files that may not be present in the white-list.
- In step 64, FOO.DLL, which has been authorized for execution, causes download module 22 to download another DLL file, for example, BAR.DLL.
- Updater module 30 marks BAR.DLL also as trusted and an updater, because FOO.DLL is configured to enable trust propagation.
- In step 66, BAR.DLL is authorized to further download and execute additional components (e.g., binaries) as appropriate for installing the ActiveX control. When all appropriate components have downloaded, install module 34 installs the ActiveX control in step 68. The process ends in step 70.
- FIGURE 3 is a simplified flow-chart illustrating additional details that may be associated with embodiments according to the present disclosure.
- Method 80 begins in step 82 when trust propagation is activated.
- a binary file downloaded by download module 22 may be a portable executable 32-bit (PE32) file.
- PE32 portable executable 32-bit
- step 84 a determination of the type of binary file is made. If the binary file (e.g., PE32) is in an executable format (e.g., EXE format), new binaries being downloaded and executed by PE32.EXE may be monitored in step 86.
- step 88 trust is propagated to the newly downloaded binaries so that they are enabled to download additional binaries during runtime. The new binaries are allowed to execute in step 90.
- OCX Object Linking and Embedding Control eXtension
- a determination about the number of threads that invokes the DLL/OCX file is made in step 92. If the DLL/OCX file can be invoked from only one thread, file-downloads from a context of the thread may be tracked in step 94. On the other hand, if the DLL/OCX file can be invoked from multiple threads, certain functions (e.g., functions related to file creation in the DLL import table) may be hooked to identify the file causing the download in step 96.
- In step 88, trust is propagated to the newly downloaded binaries so that they are enabled to download additional binaries during runtime.
- the new binaries are allowed to execute in step 90.
- the process ends in step 98.
- an ActiveX control may be installed as follows.
- a browser (e.g., IE) may download the relevant CAB file (e.g., ieatgpc.cab).
- IE may extract (e.g., unwrap) the CAB file into one or more files, for example, ieatgpc.inf and ieatgpc.dll.
- IE may parse ieatgpc.inf to find the name of a DLL file to load, for example, ieatgpc.dll.
- IE may load ieatgpc.dll.
- the newly loaded file may establish a secure connection to a server and download additional DLL files, for example, atgpcdec.dll and atgpcext.dll. Trust may be propagated to atgpcdec.dll and atgpcext.dll to enable them to download and execute additional files.
- the new DLL files e.g., ieatgpc.dll, atgpcdec.dll and atgpcext.dll
- FIGURE 4 is a simplified flow-chart illustrating example operational steps in a method 100 according to the present disclosure.
- Updater module 30 can mark an executable file (e.g., EXE, DLL and scripts) as an updater, with special privileges to download files and mark any relevant downloaded files as updaters.
- the operating system e.g., of the computer performing the download
- the operating system may not be able to identify the actual file (e.g., DLL file) that performs the download in the process, because the process may call multiple files during execution, one of which performs the download.
- the browser e.g., Internet Explorer (IE)
- an executable called by IE may be the actual file causing the download.
- a program causing the download (other than IE) may have to be identified and marked as an updater.
- the ActiveX control may also be white-listed and allowed to execute.
- updater module 30 can selectively allow execution of trusted ActiveX controls that have a verified digital signature, by identifying the appropriate executable file to be made an updater.
- Executable files with a .EXE extension are generally executed outside the browser's process context. Therefore, files with .EXE extensions may be marked as updaters by updater module 30 without causing the browser itself to become an updater.
- files in DLL format generally load in the context of a browser's process and therefore cannot be made updaters indiscriminately. Not all DLL files may perform download actions, and therefore, may not be indiscriminately marked as updaters.
- files in DLL format install ActiveX controls in a single-thread context. A thread of execution is a smallest unit of processing that can be scheduled by an operating system. Multiple threads can exist within the same process and share resources, such as memory.
- Updater module 30 can identify the single thread causing the ActiveX control download, and make the thread an updater for a specific time window during which the DLL installs the trusted ActiveX control.
- updater module 30 hooks one or more exported functions (e.g., Original_Func()) of the DLL files (e.g., files to be made updaters) such that, at run-time, when a DLL file is loaded, updater module 30 obtains control at specific points in the execution and can mark the thread in which these exported functions are called as an updater.
- exported functions are functions that a module in a DLL file exposes to other modules and/or other files.
- a DLL file contains an exports table listing the name of every function (i.e., exported function) that the DLL file exports to other executables.
- an exports table in a DLL file may contain a CreateFile() function, which may be called by the DLL file and by other files accessing the DLL file.
- updater module 30 may revoke the updater privilege from the thread.
- hooking covers a range of techniques used to alter or augment the behavior of software components (e.g., executable files) by intercepting function calls or messages or events passed between software components. For example, an entry point of an exported function within a module can be found and the module can then be altered to instead dynamically load some other library module and then execute desired functions within that loaded library.
- function calls may be intercepted through a wrapper library.
- a wrapper may contain a separate but similar version of a library that an application loads, with substantially similar functionality of the original library that it will replace. This wrapper library can be designed to call any of the functionality from the original library, or replace it with an entirely new set of logic.
- updater module 30 identifies Original_Func() of the DLL files as an exported function to be hooked.
- Original_Func() may be a CreateFile() function called by Example.DLL.
- updater module 30 uses hook module 32 to patch the DLL file so that when Original_Func() is called by the program (e.g., IE executing the DLL file), a hook function (e.g., Solidcore_Func()) is called instead.
- updater module 30 may patch the Example.DLL file by changing the location of a function pointer to Solidcore_Func() instead of CreateFile().
- decision making steps may be executed before calling Original_Func().
- updater module 30 identifies Example.DLL as the file calling the function.
- Original_Func() is called and executed.
- updater module 30 identifies and marks Example.DLL as an updater, permitting Example.DLL to download and execute additional components as appropriate for downloading the ActiveX control.
- the example network environment in the FIGURES may be configured as one or more networks in any form including, but not limited to, local area networks (LANs), wireless local area networks (WLANs), metropolitan area networks (MANs), wide area networks (WANs), virtual private networks (VPNs), Intranet, Extranet, any other appropriate architecture or system, or any combination thereof that facilitates communications in a network.
- communication links connecting components of system 10 may represent any electronic link supporting a LAN environment such as, for example, cable, Ethernet, wireless technologies (e.g., IEEE 802.11x), ATM, fiber optics, etc. or any suitable combination thereof.
- communication links in system 10 may represent a remote connection, for example, to Internet 14, through any appropriate medium (e.g., digital subscriber lines (DSL), telephone lines, T1 lines, T3 lines, wireless, satellite, fiber optics, cable, Ethernet, etc. or any combination thereof) and/or through any additional networks such as a wide area networks (e.g., the Internet).
- gateways, routers, switches, and any other suitable network elements may be used to facilitate electronic communication between devices on network 12.
- network 12 illustrated in FIGURE 1 may include a configuration capable of transmission control protocol/internet protocol (TCP/IP) communications for the transmission and/or reception of packets in the network.
- Network 12 could also operate in conjunction with a user datagram protocol/IP (UDP/IP) or any other suitable protocol, where appropriate and based on particular needs.
- authentication engine 20 may reside on end user computers that could be operated by end users.
- the end user computers may include desktops, laptops, and mobile or handheld computers (e.g., personal digital assistants (PDAs), iPads, gaming consoles, mobile phones, etc.), or any other type of computing device operable by an end user.
- FIGURE 1 is intended as an example and should not be construed to imply architectural limitations in the present disclosure.
- System 10 may be implemented to provide various options for performing actions for day-zero authentication of ActiveX controls. Such options may include, generally, blocking or allowing execution of files on the various modules. Such blocking or allowing may be accomplished by, for example, blocking execution of a file, adding a file to a white-list, adding a file to a black-list, moving, replacing, renaming, or quarantining a file, changing a network configuration of hosts containing files to block certain network traffic, starting or stopping processes of hosts containing files, modifying the software configuration of hosts containing files, and opening a change request using a change ticketing system.
- system 10 may be suitably integrated with various existing security technologies such as, for example, McAfee® Anti-Virus software, McAfee® HIPS software, McAfee® Application Control white-listing software, or any other appropriate security software.
- Software and other electronic data for achieving the day-zero authentication of ActiveX control operations outlined herein can be provided at various locations (e.g., the corporate IT headquarters, end user computers, distributed servers in the cloud, etc.).
- this software could be received or downloaded from a web server (e.g., in the context of purchasing individual end-user licenses for separate networks, devices, servers, etc.) in order to provide this system for day-zero authentication for ActiveX controls.
- this software is resident in one or more computers and/or web hosts sought to be protected from a security attack (or protected from unwanted or unauthorized manipulations of data).
- the software of the system for day-zero authentication of ActiveX controls in a computer network environment could involve a proprietary element (e.g., as part of a network security solution with McAfee® ePolicy Orchestrator (ePO) software, McAfee® Anti-Virus software, McAfee® HIPS software, McAfee® Application Control software, etc.), which could be provided in (or be proximate to) these identified elements, or be provided in any other device, server, network appliance, console, firewall, switch, information technology (IT) device, distributed server, etc., or be provided as a complementary solution, or otherwise provisioned in the network.
- the day-zero authentication of ActiveX controls related activities outlined herein may be implemented in software. This could be inclusive of software provided in authentication engine 20 and in other network elements. These elements and/or modules can cooperate with each other in order to perform the day-zero authentication of ActiveX controls related activities as discussed herein. In other embodiments, these features may be provided external to these elements, included in other devices to achieve these intended functionalities, or consolidated in any appropriate manner. For example, some of the processors associated with the various elements may be removed, or otherwise consolidated such that a single processor and a single memory location are responsible for certain activities. In a general sense, the arrangement depicted in FIGURES may be more logical in its representation, whereas a physical architecture may include various permutations, combinations, and/or hybrids of these elements.
- some or all of these elements include software (or reciprocating software) that can coordinate, manage, or otherwise cooperate in order to achieve the day-zero authentication of ActiveX control operations, as outlined herein.
- One or more of these elements may include any suitable algorithms, hardware, software, components, modules, interfaces, or objects that facilitate the operations thereof.
- such a configuration may be inclusive of logic encoded in one or more tangible media, which may be inclusive of non-transitory media (e.g., embedded logic provided in an application specific integrated circuit (ASIC), digital signal processor (DSP) instructions, software (potentially inclusive of object code and source code) to be executed by a processor, or other similar machine, etc.).
- one or more memory elements can store data used for the operations described herein. This includes the memory element being able to store software, logic, code, or processor instructions that are executed to carry out the activities described in this Specification.
- a processor can execute any type of instructions associated with the data to achieve the operations detailed herein in this Specification.
- processor 36 could transform an element or an article (e.g., data) from one state or thing to another state or thing.
- the activities outlined herein may be implemented with fixed logic or programmable logic (e.g., software/computer instructions executed by a processor) and the elements identified herein could be some type of a programmable processor, programmable digital logic (e.g., a field programmable gate array (FPGA), an erasable programmable read only memory (EPROM), an electrically erasable programmable read only memory (EEPROM)), or an ASIC that includes digital logic, software, code, electronic instructions, flash memory, optical disks, CD-ROMs, DVD ROMs, magnetic or optical cards, other types of machine-readable mediums suitable for storing electronic instructions, or any suitable combination thereof.
- Authentication engine 20 and other associated components in system 10 can include one or more memory elements (e.g., memory 38, databases 16a and 16b) for storing information to be used in achieving operations associated with the application assessment as outlined herein. These devices may further keep information in any suitable type of memory element (e.g., random access memory (RAM), read only memory (ROM), field programmable gate array (FPGA), erasable programmable read only memory (EPROM), electrically erasable programmable ROM (EEPROM), etc.), software, hardware, or in any other suitable component, device, element, or object where appropriate and based on particular needs.
- the information being tracked, sent, received, or stored in system 10 could be provided in any database, register, table, cache, queue, control list, or storage structure, based on particular needs and implementations, all of which could be referenced in any suitable timeframe.
- Any of the memory items discussed herein should be construed as being encompassed within the broad term 'memory element.'
- any of the potential processing elements, modules, and machines described in this Specification should be construed as being encompassed within the broad term 'processor.'
- Each of the computers may also include suitable interfaces for receiving, transmitting, and/or otherwise communicating data or information in a network environment.
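The white-list, updater and trust-propagation rules described above, together with the updater privilege that a hooked exported function grants to the calling thread and that is revoked when the DLL is unloaded, can be modelled as follows. This is an added Python illustration, not code from the patent or from any product it names; the AppControl class and its methods are hypothetical, and iexplore.exe, extra.dll, unknown.dll, component.dll, late.dll and stray.dll are constructed sample names.

```python
import threading


class AppControl:
    """Toy model of white-list, updater and trust-propagation rules (hypothetical names)."""

    def __init__(self, whitelist):
        self.whitelist = set(whitelist)  # files allowed to execute
        self.updaters = {}               # updater file -> True if it propagates trust
        self.thread_updaters = {}        # thread id -> DLL whose hooked export it called
        self.lock = threading.Lock()

    def authorize_signed(self, name, propagate):
        """After the signature check succeeds: white-list the file, mark it an updater."""
        self.whitelist.add(name)
        self.updaters[name] = propagate

    def may_execute(self, parent, child):
        """Decide whether `parent` may load or run `child`."""
        if child in self.whitelist:
            return True
        if parent not in self.updaters:
            return False                 # ordinary program, unknown child: blocked
        self.whitelist.add(child)        # an updater may white-list what it brings in
        if self.updaters[parent]:        # trust propagation: child becomes an updater too
            self.updaters[child] = True
        return True

    def hook_export(self, dll, exports, func_name):
        """Swap exports[func_name] for a wrapper that marks the calling thread an updater."""
        original = exports[func_name]

        def hooked(*args, **kwargs):
            with self.lock:
                self.thread_updaters[threading.get_ident()] = dll
            return original(*args, **kwargs)  # the original function still runs

        exports[func_name] = hooked

    def unload(self, dll):
        """Revoke the updater privilege from every thread that obtained it through `dll`."""
        with self.lock:
            for tid in [t for t, d in self.thread_updaters.items() if d == dll]:
                del self.thread_updaters[tid]

    def on_file_created(self, path):
        """File-creation event inside the browser process, attributed by calling thread."""
        with self.lock:
            dll = self.thread_updaters.get(threading.get_ident())
        if dll is None or dll not in self.updaters:
            return None                  # threads that never called the hook gain nothing
        self.may_execute(dll, path)      # white-list the new file on behalf of the DLL
        return dll


def replay_install(propagate):
    """Replay the ieatgpc sequence, plus two constructed steps, under one policy setting."""
    ac = AppControl(whitelist={"iexplore.exe"})
    ac.authorize_signed("ieatgpc.dll", propagate)
    steps = [("ieatgpc.dll", "atgpcdec.dll"),
             ("ieatgpc.dll", "atgpcext.dll"),
             ("atgpcdec.dll", "extra.dll"),     # constructed: second-level download
             ("iexplore.exe", "unknown.dll")]   # constructed: unrelated browser download
    return [(p, c, ac.may_execute(p, c)) for p, c in steps]


def replay_thread_scope():
    """Only the thread that called the hooked export holds updater rights, until unload."""
    ac = AppControl(whitelist={"iexplore.exe"})
    ac.authorize_signed("Example.DLL", propagate=True)
    exports = {"Original_Func": lambda: "original ran"}
    ac.hook_export("Example.DLL", exports, "Original_Func")
    out = {}

    def install_thread():
        out["ret"] = exports["Original_Func"]()
        out["during"] = ac.on_file_created("component.dll")
        ac.unload("Example.DLL")
        out["after_unload"] = ac.on_file_created("late.dll")

    worker = threading.Thread(target=install_thread)
    worker.start()
    worker.join()
    out["other_thread"] = ac.on_file_created("stray.dll")  # main thread never hit the hook
    out["whitelist"] = sorted(ac.whitelist)
    return out


if __name__ == "__main__":
    for setting in (True, False):
        print("propagate =", setting, replay_install(setting))
    print(replay_thread_scope())
```

With propagation disabled, the second-level download is blocked even though its parent was brought in by a trusted updater; in both settings the browser itself never becomes an updater.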
Claims (14)
- A computer-implemented method comprising the steps of: verifying (56) a digital signature of an ActiveX control; and identifying (62) at least one executable file of the ActiveX control; authorizing execution of said at least one executable file by white-listing said at least one executable file, and authorizing said at least one executable file as an updater by marking said at least one executable file as an updater if the digital signature is from an authorized issuer, wherein an updater is a file having privileges to white-list other executable files; and installing the ActiveX control.
- The method of claim 1, wherein the step of authorizing said at least one executable file as an updater comprises the steps of: hooking at least one exported function in said at least one executable file; providing updater privileges to a thread calling said at least one exported function; and preferably, revoking updater privileges from the thread when said at least one executable file is unloaded.
- The method of claim 2, wherein the hooking step comprises patching said at least one executable file so that, when said at least one exported function is called during execution of said at least one executable file, a second function is executed before said at least one exported function is executed.
- The method of any one of claims 1 to 3, wherein the ActiveX control is wrapped in a "CAB" file, and the method preferably comprises the step of extracting the "CAB" file.
- The method of claim 4, wherein the "CAB" file comprises an information file.
- The method of claim 5, further comprising the step of parsing the information file.
- The method of any one of the preceding claims, further comprising the step of downloading additional components to install the ActiveX control.
- The method of any one of the preceding claims, further comprising the step of blocking execution of the ActiveX control if the digital signature is not from an authorized issuer.
- The method of any one of the preceding claims, wherein said at least one executable file is selected from a group comprising files in "EXE", "DLL" and "script" formats.
- The method of any one of the preceding claims, wherein the step of verifying a digital signature comprises the steps of: checking whether a digital certificate coupled to the digital signature is present in a certificate store and is associated with the authorized issuer; and verifying an integrity of the ActiveX control, including executing a function to return at least one hash of the "CAB" file.
- An apparatus comprising a memory element and a processor, which is configured to carry out the method of any one of the preceding claims.
- The apparatus of claim 11, wherein the memory element comprises machine-readable instructions that, when executed, cause the apparatus to carry out the method.
- The apparatus of any one of claims 11 to 12, wherein the apparatus is a computer system.
- At least one computer-readable medium comprising instructions that, when executed, carry out a method according to any one of claims 1 to 10.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/216,388 US20130055369A1 (en) | 2011-08-24 | 2011-08-24 | System and method for day-zero authentication of activex controls |
PCT/US2012/052282 WO2013028978A1 (fr) | 2011-08-24 | 2012-08-24 | System and method for day-zero authentication of ActiveX controls |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2748751A1 (fr) | 2014-07-02 |
EP2748751A4 (fr) | 2015-05-27 |
EP2748751B1 (fr) | 2019-01-09 |
Family
ID=47745677
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP12825003.2A Active EP2748751B1 (fr) | System and method for day-zero authentication of ActiveX controls | 2011-08-24 | 2012-08-24 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20130055369A1 (fr) |
EP (1) | EP2748751B1 (fr) |
CN (1) | CN103988208A (fr) |
WO (1) | WO2013028978A1 (fr) |
-
2011
- 2011-08-24 US US13/216,388 patent/US20130055369A1/en not_active Abandoned
-
2012
- 2012-08-24 CN CN201280041118.8A patent/CN103988208A/zh active Pending
- 2012-08-24 WO PCT/US2012/052282 patent/WO2013028978A1/fr unknown
- 2012-08-24 EP EP12825003.2A patent/EP2748751B1/fr active Active
Also Published As
Publication number | Publication date |
---|---|
US20130055369A1 (en) | 2013-02-28 |
CN103988208A (zh) | 2014-08-13 |
EP2748751A4 (fr) | 2015-05-27 |
EP2748751A1 (fr) | 2014-07-02 |
WO2013028978A1 (fr) | 2013-02-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2748751B1 (fr) | System and method for day-zero authentication of ActiveX controls | |
US20240098097A1 (en) | Secure over-the-air updates | |
EP3238125B1 (fr) | Trusted updates | |
US8869142B2 (en) | Secure content publishing and distribution | |
Bellissimo et al. | Secure Software Updates: Disappointments and New Challenges. | |
CA2814497C (fr) | Software signing certificate reputation model | |
US8443204B2 (en) | Ticket authorized secure installation and boot | |
US20080072324A1 (en) | Restricting a processing system being compromised with a threat | |
WO2016042430A1 (fr) | Hypervisor and virtual machine protection | |
CN115113970A (zh) | Data processing method based on a container engine, and related device | |
US8650391B2 (en) | Systems and methods for securely providing and/or accessing information | |
Machie et al. | Nimda worm analysis | |
US20220207142A1 (en) | Zero Dwell Time Process Library and Script Monitoring | |
Cappos et al. | Package management security | |
JP2005527905A (ja) | Tamper-evident removable medium storing executable code | |
US11392700B1 (en) | System and method for supporting cross-platform data verification | |
Knockel et al. | Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software: We're FOCI'd. | |
Athalye et al. | Package manager security | |
KR102534012B1 (ko) | System and method for authenticating the security level of a content provider | |
Park et al. | Component integrity check and recovery against malicious codes | |
Kuppusamy | Building Compromise-Resilient Software Repositories |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20140320 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
RA4 | Supplementary search report drawn up and despatched (corrected) |
Effective date: 20150424 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 21/52 20130101ALI20150420BHEP Ipc: G06F 21/57 20130101ALI20150420BHEP Ipc: G06F 21/51 20130101AFI20150420BHEP |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: MCAFEE, LLC |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602012055816 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: G06F0021100000 Ipc: G06F0021510000 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/32 20060101ALN20180628BHEP Ipc: H04W 4/50 20180101ALN20180628BHEP Ipc: G06F 21/57 20130101ALI20180628BHEP Ipc: G06F 21/52 20130101ALI20180628BHEP Ipc: G06F 21/51 20130101AFI20180628BHEP Ipc: H04L 29/06 20060101ALN20180628BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20180803 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1088189 Country of ref document: AT Kind code of ref document: T Effective date: 20190115 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602012055816 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20190109 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1088189 Country of ref document: AT Kind code of ref document: T Effective date: 20190109 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190509 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190409 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190410 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190509 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190409 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602012055816 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
26N | No opposition filed |
Effective date: 20191010 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190824 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190831 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190831 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20190831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190831 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190824 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20120824 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190109 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20230706 Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20230627 Year of fee payment: 12 |